4 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them El plugin Sharebar de WordPress a través de la versión 1.4.1 no tiene una comprobación de CSRF cuando se actualiza su configuración, lo que podría permitir a los atacantes hacer que un administrador conectado los cambie a través de un ataque CSRF y también conducir a un problema de Cross-Site Scripting almacenado debido a la falta de sanitización y escape en algunos de ellos • https://wpscan.com/vulnerability/3d1f90d9-45da-42f8-93f8-15c8a4ff90ca • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. Múltiple vulnerabilidades CSRF (cross-site request forgery) en el plugin Sharebar v1.2.5 para WordPress permite a atacantes remotos secuentrar la autenticacion de administrador para solicitudes que (1) añaden o (2) modifican botones, o (3) insertar sencuencias XSS (cross-site scripting) Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.4.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. • http://secunia.com/advisories/52948 http://www.securityfocus.com/bid/60956 https://exchange.xforce.ibmcloud.com/vulnerabilities/85438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. El plugin sharebar antes de 1.2.2 para WordPress tiene XSS, un problema diferente que CVE-2013-3491. The Sharebar plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/sharebar/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The sharebar plugin before 1.2.2 for WordPress has SQL injection. El plugin sharebar antes de 1.2.2 para WordPress tiene inyección SQL. The sharebar plugin before 1.2.2 for WordPress has SQL injection via id parameter. • https://wordpress.org/plugins/sharebar/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •